CVE-2020-12013: SQL Injection
First published: Thu Jul 16 2020(Updated: )
A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mitsubishielectric Mc Works32 | =9.50.255.02 | |
| Mitsubishielectric Mc Works64 | <=10.95.208.31 | |
| Iconics Energy Analytix | ||
| Iconics Facility Analytix | ||
| ICONICS GENESIS64 | ||
| ICONICS Hyper Historian | ||
| ICONICS MobileHMI | ||
| Iconics Quality Analytix | ||
| Iconics Smart Energy Analytix | ||
| ICONICS BizViz | ||
| ICONICS GENESIS32 | ||
| ICONICS GENESIS64 | ||
| ICONICS Hyper Historian | ||
| ICONICS AnalytiX | ||
| ICONICS MobileHMI | ||
| Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions | ||
| Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-12013?
CVE-2020-12013 is a vulnerability that allows for the execution of certain arbitrary SQL commands on Mitsubishi Electric MC Works64 Version 4.02C and earlier, and Mitsubishi Electric MC Works32 Version 3.00A.
How severe is CVE-2020-12013?
CVE-2020-12013 has a severity rating of 9.1 (critical).
Which software versions are affected by CVE-2020-12013?
CVE-2020-12013 affects Mitsubishi Electric MC Works64 Version 4.02C and earlier, and Mitsubishi Electric MC Works32 Version 3.00A.
Are there any known fixes for CVE-2020-12013?
At the moment, there are no known fixes for CVE-2020-12013. It is recommended to follow the guidance provided by the software vendor or CERT/CSIRT.
Where can I get more information about CVE-2020-12013?
You can find more information about CVE-2020-12013 on the official website of CERT/CSIRT.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/first-publish-date
- agent/softwarecombine
- agent/description
- agent/event
- agent/tags
- agent/software-canonical-lookup-request
- vendor/mitsubishielectric
- canonical/mitsubishielectric mc works32
- version/mitsubishielectric mc works32/9.50.255.02
- canonical/mitsubishielectric mc works64
- version/mitsubishielectric mc works64/10.95.208.31
- vendor/iconics
- canonical/iconics energy analytix
- canonical/iconics facility analytix
- canonical/iconics genesis64
- canonical/iconics hyper historian
- canonical/iconics mobilehmi
- canonical/iconics quality analytix
- canonical/iconics smart energy analytix
- canonical/iconics bizviz
- canonical/iconics genesis32
- canonical/iconics analytix
- vendor/mitsubishi electric
- canonical/mitsubishi electric mc works64 version 4.02c (10.95.208.31) and earlier, all versions
- canonical/mitsubishi electric mc works32 version 3.00a (9.50.255.02)